
/*++

Copyright (c) Microsoft Corporation. All rights reserved.

You may only use this code if you agree to the terms of the Windows Research Kernel Source Code License agreement (see License.txt).
If you do not agree to the terms, do not use the code.


Module Name:

    ntrmlsa.h

Abstract:

    Local Security Authority - Reference Monitor Communication Types

--*/


#include <ntlsa.h>

#ifndef _NTRMLSA_
#define _NTRMLSA_


//
// Memory type.  This defines the type of memory used for a record
// passed between the RM and LSA.
//
// SepRmLsaPortMemory - Memory allocated via RtlAllocateHeap()
//     from the shared memory section associated with the
//     Lsa command Port.
//
// SepRmLsaVirtualMemory - Memory allocated via ZwAllocateVirtualMemory()
//
// SepRmLsaUnreadableMemory - Memory not readable by the LSA.  This
//                            memory must be copied to another format
//                            before passage over the link.
//
// SepRmLsaLPCBufferMemory - Memory contained within the LPC buffer
// itself
//



typedef enum _SEP_RM_LSA_MEMORY_TYPE {

    SepRmNoMemory = 0,
    SepRmImmediateMemory,
    SepRmLsaCommandPortSharedMemory,
    SepRmLsaCustomSharedMemory,
    SepRmPagedPoolMemory,
    SepRmUnspecifiedMemory

} SEP_RM_LSA_MEMORY_TYPE, *PSEP_RM_LSA_MEMORY_TYPE;

//
// Reference Monitor Command Message Structure.  This structure is used
// by the Local Security Authority to send commands to the Reference Monitor
// via the Reference Monitor Server Command LPC Port.
//

#define RmMinimumCommand RmAuditSetCommand
#define RmMaximumCommand RmDeleteLogonSession

//
// Keep this in sync with SEP_RM_COMMAND_WORKER in se\rmmain.c
//

typedef enum _RM_COMMAND_NUMBER {

    RmDummyCommand = 0,
    RmAuditSetCommand,
    RmCreateLogonSession,
    RmDeleteLogonSession

} RM_COMMAND_NUMBER;

#define RM_MAXIMUM_COMMAND_PARAM_SIZE                                \
    ((ULONG) PORT_MAXIMUM_MESSAGE_LENGTH - sizeof(PORT_MESSAGE) -      \
    sizeof(RM_COMMAND_NUMBER))

typedef struct _RM_COMMAND_MESSAGE {

    PORT_MESSAGE MessageHeader;
    RM_COMMAND_NUMBER CommandNumber;
    UCHAR CommandParams[RM_MAXIMUM_COMMAND_PARAM_SIZE];

} RM_COMMAND_MESSAGE, *PRM_COMMAND_MESSAGE;

//
// Reference Monitor Command Reply Message Structure.
//

#define RM_MAXIMUM_REPLY_BUFFER_SIZE                                 \
    ((ULONG) PORT_MAXIMUM_MESSAGE_LENGTH - sizeof(PORT_MESSAGE) -      \
    sizeof(RM_COMMAND_NUMBER))


typedef struct _RM_REPLY_MESSAGE {

    PORT_MESSAGE MessageHeader;
    NTSTATUS ReturnedStatus;
    UCHAR ReplyBuffer[RM_MAXIMUM_REPLY_BUFFER_SIZE];

} RM_REPLY_MESSAGE, *PRM_REPLY_MESSAGE;

#define RM_COMMAND_MESSAGE_HEADER_SIZE                  \
    (sizeof(PORT_MESSAGE) + sizeof(NTSTATUS) + sizeof(RM_COMMAND_NUMBER))

//
// Local Security Authority Command Message Structure.  This structure is
// used by the Reference Monitor to send commands to the Local Security
// Authority via the LSA Server Command LPC Port.
//

#define LsapMinimumCommand LsapWriteAuditMessageCommand
#define LsapMaximumCommand LsapLogonSessionDeletedCommand

typedef enum _LSA_COMMAND_NUMBER {
    LsapDummyCommand = 0,
    LsapWriteAuditMessageCommand,
    LsapComponentTestCommand,
    LsapLogonSessionDeletedCommand
} LSA_COMMAND_NUMBER;

#define LSA_MAXIMUM_COMMAND_PARAM_SIZE                                \
    ((ULONG) PORT_MAXIMUM_MESSAGE_LENGTH - sizeof(PORT_MESSAGE) -     \
    sizeof(LSA_COMMAND_NUMBER) - sizeof(SEP_RM_LSA_MEMORY_TYPE))

typedef struct _LSA_COMMAND_MESSAGE {
    PORT_MESSAGE MessageHeader;
    LSA_COMMAND_NUMBER CommandNumber;
    SEP_RM_LSA_MEMORY_TYPE CommandParamsMemoryType;
    UCHAR CommandParams[LSA_MAXIMUM_COMMAND_PARAM_SIZE];
} LSA_COMMAND_MESSAGE, *PLSA_COMMAND_MESSAGE;

//
// LSA Command Reply Message Structure.
//

#define LSA_MAXIMUM_REPLY_BUFFER_SIZE                                 \
    ((ULONG) PORT_MAXIMUM_MESSAGE_LENGTH - sizeof(PORT_MESSAGE) -      \
    sizeof(LSA_COMMAND_NUMBER))

typedef struct _LSA_REPLY_MESSAGE {
    PORT_MESSAGE MessageHeader;
    NTSTATUS ReturnedStatus;
    UCHAR ReplyBuffer[LSA_MAXIMUM_REPLY_BUFFER_SIZE];
} LSA_REPLY_MESSAGE, *PLSA_REPLY_MESSAGE;

//
// Command Parameter format for the special RmSendCommandToLsaCommand
//

typedef struct _RM_SEND_COMMAND_TO_LSA_PARAMS {
    LSA_COMMAND_NUMBER LsaCommandNumber;
    ULONG LsaCommandParamsLength;
    UCHAR LsaCommandParams[LSA_MAXIMUM_COMMAND_PARAM_SIZE];
} RM_SEND_COMMAND_TO_LSA_PARAMS, *PRM_SEND_COMMAND_TO_LSA_PARAMS;

//
// Command Values for the LSA and RM Component Test Commands
//

#define LSA_CT_COMMAND_PARAM_VALUE 0x00823543
#define RM_CT_COMMAND_PARAM_VALUE 0x33554432


//
// Audit Record Pointer Field Type
//

typedef enum _SE_ADT_POINTER_FIELD_TYPE {

    NullFieldType,
    UnicodeStringType,
    SidType,
    PrivilegeSetType,
    MiscFieldType

} SE_ADT_POINTER_FIELD_TYPE, *PSE_ADT_POINTER_FIELD_TYPE;


//
// Hardwired Audit Event Type counts
//

#define AuditEventMinType   (AuditCategorySystem)
#define AuditEventMaxType   (AuditCategoryAccountLogon)

#define POLICY_AUDIT_EVENT_TYPE_COUNT                                 \
    ((ULONG) AuditEventMaxType - AuditEventMinType + 1)

#define LSARM_AUDIT_EVENT_OPTIONS_SIZE                                    \
    (((ULONG)(POLICY_AUDIT_EVENT_TYPE_COUNT) * sizeof (POLICY_AUDIT_EVENT_OPTIONS)))

//
// Self-Relative form of POLICY_AUDIT_EVENTS_INFO
//

typedef struct _LSARM_POLICY_AUDIT_EVENTS_INFO {

    BOOLEAN AuditingMode;
    POLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions[POLICY_AUDIT_EVENT_TYPE_COUNT];
    ULONG MaximumAuditEventCount;

} LSARM_POLICY_AUDIT_EVENTS_INFO, *PLSARM_POLICY_AUDIT_EVENTS_INFO;

//
// The following symbol defines the value containing whether or not we're supposed
// to crash when an audit fails.  It is used in the se and lsasrv directories.
//

#define CRASH_ON_AUDIT_FAIL_VALUE   L"CrashOnAuditFail"

//
// These are the possible values for the CrashOnAuditFail flag.
//

#define LSAP_CRASH_ON_AUDIT_FAIL 1
#define LSAP_ALLOW_ADIMIN_LOGONS_ONLY 2

#endif // _NTRMLSA_

